Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
6 check-ins tagged with "ben-security"
|
2011-05-29
| ||
| 12:53 | Remove accidentally included line of code. ... (Closed-Leaf check-in: 0bed863b69 user: ben tags: ben-security) | |
| 12:49 | Support for client side SSL certificates for extra authentication to https servers. Adds --ssl-identity command line option and ssl-identity setting to specify the filename of a identity file containing a PEM encoded certificate and private key. ... (check-in: e06ea26e97 user: ben tags: ben-security) | |
|
2011-05-28
| ||
| 16:23 | Add the X-Frame-Options: DENY header to HTTP responses, and a comment lamenting that two other helpful security headers can't really be used without breaking things. ... (check-in: 95f04bbfbf user: ben tags: ben-security) | |
|
2011-05-22
| ||
| 15:08 | Follow web app best practise by marking cookies as HttpOnly and, if it's over an https connection, as 'secure' so they will only be transmitted over https. Options supported by major browsers, and harmless where not supported. ... (check-in: e4b57a3230 user: ben tags: ben-security) | |
| 14:53 | When displaying an unknown certificate, also display the certificate fingerprint so the user can verify they're seeing the certificate they expect. Just displaying the textual names in the certificate does not give enough information to be certain someone isn't doing a man in the middle attack. ... (check-in: fc93bfb0f7 user: ben tags: ben-security) | |
| 14:23 | Create new branch named "ben-security" ... (check-in: 2b4a6a66e1 user: ben tags: ben-security) | |